Microsoft Security Bulletin Coverage (May 8, 2012)

SonicWALL has analyzed and addressed Microsoft’s security advisories for May 2012. A list of the issues reported, along with SonicWALL coverage information, follows:

MS12-029 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)

  • CVE-2012-0183 RTF Mismatch Vulnerability
    GAV: 18584 – Malformed-File rtf.MP.2

MS12-030 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830)

  • CVE-2012-0141 Excel File Format Memory Corruption Vulnerability
    GAV: 18668 – Malformed-File xls.MP.9
  • CVE-2012-0142 Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability
    GAV: 18672 – Malformed-File xls.MP.10
  • CVE-2012-0143 Excel Memory Corruption Using Various Modified Bytes Vulnerability
    GAV: 18675 – Malformed-File xls.MP.11
  • CVE-2012-0184 Excel SXLI Record Memory Corruption Vulnerability
    GAV: 18676 – Malformed-File xls.MP.12
  • CVE-2012-0185 Excel MergeCells Record Heap Overflow Vulnerability
    GAV: 18677 – Malformed-File xls.MP.13
  • CVE-2012-1847 Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability
    GAV: 18678 – Malformed-File xls.MP.14
    GAV: 18679 – Malformed-File xls.MP.15

MS12-031 Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981)

  • CVE-2012-0018 VSD File Format Memory Corruption Vulnerability
    GAV: 18603 – Malformed-File vsd.MP.1

MS12-032 Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338)

  • CVE-2012-0174 Windows Firewall Bypass Vulnerability
    There is no feasible method of detection at gateway level.
  • CVE-2012-0179 TCP/IP Double Free Vulnerability
    This is a local vulnerability.

MS12-033 Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)

  • CVE-2012-0178 Plug and Play (PnP) Configuration Manager Vulnerability
    This is a local vulnerability.

MS12-034 Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)

  • CVE-2011-3402 TrueType Font Parsing Vulnerability
    GAV: 18600 – Malformed-File ttf.MP.1
  • CVE-2011-0159 TrueType Font Parsing Vulnerability
    GAV: 18601 – Malformed-File ttf.MP.2
  • CVE-2012-0162 .NET Framework Buffer Allocation Vulnerability
    GAV: 18521 – Malformed-File exe.MP.3
  • CVE-2012-0164 .NET Framework Index Comparison Vulnerability
    There is no feasible method of detection.
  • CVE-2012-0165 GDI+ Record Type Vulnerability
    GAV: 18516 – Malformed-File emf.MP.3
    GAV: 18680 – Malformed-File xls.MP.16
  • CVE-2012-0167 GDI+ Heap Overflow Vulnerability
    GAV: 18510 – Malformed-File emf.MP.1
    GAV: 18514 – Malformed-File emf.MP.2
  • CVE-2012-0176 Silverlight Double-Free Vulnerability
    There is no feasible method of detection.
  • CVE-2012-0180 Windows and Messages Vulnerability
    This is a local vulnerability.
  • CVE-2012-0181 Keyboard Layout File Vulnerability
    This is a local vulnerability.
  • CVE-2012-1848 Scrollbar Calculation Vulnerability
    This is a local vulnerability.

MS12-035 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)

  • CVE-2012-0160 .NET Framework Serialization Vulnerability
    This is a local vulnerability.
  • CVE-2012-0161 .NET Framework Serialization Vulnerability
    GAV: 18522 – Malformed-File exe.MP.4